Cloud and Security. I hope I’ve got your attention a bit :). In 99% of my talks about PLM and the cloud, the topic of security was coming very fast. The question of how to provide a balanced way to handle it is the one I’m mostly interested. Thinking about consumer and enterprise space, Google seems to be one of the companies that has real concerns about how to support it in the right way. In my view, Google is actively seeking how to increase their Google App presence in the enterprise space and replace Microsoft Office suite of product. Over the weekend, I was reading ZDNet blog – Google App Engine now officially secure. While I don’t think, this is the major addition to what Google already had, I found it as important. Pay attention to the following passage:

The certification process, which covers everything from physical security at the data center to making sure that only pre-cleared staff have access to customer data, to evaluating Google’s redundancy and incident reporting… And the bottom line to all this is that several enterprises require their cloud providers to be compliant with these standards – formerly SAS 70, and now SSAE-16. And this means that Google App Engine is open to a whole new customer base, with confidences bolstered by an authoritative second opinion.

My take is that certification process can open many doors for Google Apps in the world of enterprise.

Cloud PLM Certification

There are not much existing cloud PLM applications. I definitely need to mention Arena Solution as one of the pioneers in this space. PTC/Windichill was experimenting with IBM deployment, but I don’t know much about the status of this solution. Some of the cloud / SaaS products such as Agile Advantage was retired by vendors. Multiple providers in CAD/PLM space are rushing to announce and provide their roadmaps and first product introduction into this space. There are few, I noticed specifically: Dassault announced about their V6 cloud applications, Aras published, they are ready for cloud with Aras Innovator. Autodesk, even if not having any cloud enterprise application today, already announced about future Autodesk PLM cloud application coming later this year. I’d be interested to hear these (and other) vendors are talking about ‘security topics’. What is vendor’s view on cloud security certifications for the enterprise? What specific certifications expected by customers depends on customer type and range? What is the reasonable requirement and what is the "red-herring" type of requirements?

What is my conclusion? Security is important. I think, industry developed lots of potential technologies, procedures and techniques for security. However, to differentiate between what is the priority and what is the minimum set of techniques and procedures is important. PLM vendors will have to discover them to provide it to customers and, at the same time, to optimize the cost of security mechanisms. Just my thoughts..